-rw-r--r-- | install/tools/ipa-upgradeconfig | 43 | ||||
-rw-r--r-- | ipapython/dogtag.py | 4 |
2 files changed, 31 insertions, 16 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 4ed718a9b..51e5b1d59 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -204,7 +204,7 @@ def check_certs(): else: root_logger.debug('Certificate file exists') -def upgrade_pki(fstore): +def upgrade_pki(ca, fstore): """ Update/add the dogtag proxy configuration. The IPA side of this is handled in ipa-pki-proxy.conf. @@ -213,8 +213,8 @@ def upgrade_pki(fstore): """ configured_constants = dogtag.configured_constants() root_logger.info('[Verifying that CA proxy configuration is correct]') - if not os.path.exists(configured_constants.CS_CFG_PATH): - root_logger.debug('No CA detected in /etc/pki-ca') + if not ca.is_configured(): + root_logger.info('CA is not configured') return http = httpinstance.HTTPInstance(fstore) @@ -300,7 +300,7 @@ def upgrade_ipa_profile(ca): if audit or ski: return True else: - root_logger.debug('CA is not configured') + root_logger.info('CA is not configured') return False @@ -329,7 +329,7 @@ def named_enable_psearch(): if not bindinstance.named_conf_exists(): # DNS service may not be configured - root_logger.debug('DNS not configured') + root_logger.info('DNS is not configured') return try: @@ -401,7 +401,7 @@ def named_enable_serial_autoincrement(): if not bindinstance.named_conf_exists(): # DNS service may not be configured - root_logger.debug('DNS not configured') + root_logger.info('DNS is not configured') return changed try: @@ -448,8 +448,9 @@ def enable_certificate_renewal(ca): Returns True when CA needs to be restarted """ + root_logger.info('[Enable certificate renewal]') if not ca.is_configured(): - root_logger.debug('dogtag not configured') + root_logger.info('CA is not configured') return False # Using the nickname find the certmonger request_id 
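Review bot: The new `ca` parameter of `upgrade_pki` is not described in its docstring, whose opening lines appear as context in the first hunk and which continues outside it. I would add a line such as `ca: CA instance object; when ca.is_configured() is false the function returns without changing anything.` so the no-op behaviour on CA-less hosts is stated where callers will look for it.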
@@ -508,11 +509,20 @@ def migrate_crl_publish_dir(ca): root_logger.info('CRL tree already moved') return False + if not ca.is_configured(): + root_logger.info('CA is not configured') + return False + caconfig = dogtag.configured_constants() - old_publish_dir = installutils.get_directive(caconfig.CS_CFG_PATH, - 'ca.publish.publisher.instance.FileBaseCRLPublisher.directory', - separator='=') + try: + old_publish_dir = installutils.get_directive(caconfig.CS_CFG_PATH, + 'ca.publish.publisher.instance.FileBaseCRLPublisher.directory', + separator='=') + except OSError, e: + root_logger.error('Cannot read CA configuration file "%s": %s', + caconfig.CS_CFG_PATH, e) + return False if old_publish_dir == caconfig.CRL_PUBLISH_PATH: # publish dir is already updated @@ -536,9 +546,14 @@ def migrate_crl_publish_dir(ca): except Exception, e: root_logger.error('Cannot move CRL file to new directory: %s', e) - installutils.set_directive(caconfig.CS_CFG_PATH, - 'ca.publish.publisher.instance.FileBaseCRLPublisher.directory', - publishdir, quotes=False, separator='=') + try: + installutils.set_directive(caconfig.CS_CFG_PATH, + 'ca.publish.publisher.instance.FileBaseCRLPublisher.directory', + publishdir, quotes=False, separator='=') + except OSError, e: + root_logger.error('Cannot update CA configuration file "%s": %s', + caconfig.CS_CFG_PATH, e) + return False sysupgrade.set_upgrade_state('dogtag', 'moved_crl_publish_dir', True) root_logger.info('CRL publish directory has been migrated, ' 'request pki-ca restart') @@ -595,7 +610,7 @@ def main(): upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) - upgrade_pki(fstore) + upgrade_pki(ca, fstore) update_dbmodules(api.env.realm) uninstall_ipa_kpasswd() 
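Review bot: `except OSError, e:` around `installutils.get_directive(...)` in `migrate_crl_publish_dir` probably does not catch the failure it is meant for. The `except X, e` syntax marks this as Python 2, where a failed `open()` raises `IOError`, which is not a subclass of `OSError`. If `get_directive` reads CS.cfg with `open()` (its body is not shown here), a missing or unreadable file would still abort the upgrade with a traceback instead of the new error message. I would catch both, `except (IOError, OSError), e:`, and the same applies to the `set_directive` handler in the next hunk.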
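Review bot: When `set_directive` fails, the new `return False` leaves the host half-migrated. The CRL files have already been moved by the code just above this hunk, but CS.cfg still names the old publish directory and the `moved_crl_publish_dir` state is not set. The CA would presumably keep publishing to the old directory, so whatever serves CRLs from the new path could hand out a stale list until a later run succeeds. The error should make that state explicit, e.g. `root_logger.error('CRL files were moved but "%s" still points to "%s"', caconfig.CS_CFG_PATH, old_publish_dir)`, or the move should be undone before returning.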
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 3bc9e5d5d..907cebc61 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -54,7 +54,7 @@ class Dogtag10Constants(object): SERVER_ROOT = '/var/lib/pki' PKI_INSTANCE_NAME = 'pki-tomcat' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT + CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' CS_CFG_PATH = '%s/conf/ca/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/ca/profiles/ca' % PKI_ROOT @@ -78,7 +78,7 @@ class Dogtag9Constants(object): SERVER_ROOT = '/var/lib' PKI_INSTANCE_NAME = 'pki-ca' PKI_ROOT = '%s/%s' % (SERVER_ROOT, PKI_INSTANCE_NAME) - CRL_PUBLISH_PATH = '%s/ipa/pki-ca/publish' % SERVER_ROOT + CRL_PUBLISH_PATH = '/var/lib/ipa/pki-ca/publish' CS_CFG_PATH = '%s/conf/CS.cfg' % PKI_ROOT PASSWORD_CONF_PATH = '%s/conf/password.conf' % PKI_ROOT SERVICE_PROFILE_DIR = '%s/profiles/ca' % PKI_ROOT |
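Review bot: The new `Dogtag10Constants.CRL_PUBLISH_PATH` may never reach hosts that already migrated under the old value, which with `SERVER_ROOT = '/var/lib/pki'` evaluated to `/var/lib/pki/ipa/pki-ca/publish`. On those hosts `migrate_crl_publish_dir` appears to return early with 'CRL tree already moved', presumably keyed on the `moved_crl_publish_dir` state, so CS.cfg would keep the old directory while other components use the new constant. That risks CRLs being published to one place and served from another. The upgrade should compare the directory in CS.cfg with `CRL_PUBLISH_PATH` before trusting the state flag. Separately, the same literal is now repeated in `Dogtag9Constants`; a single module-level constant referenced by both classes would keep them from drifting apart.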